From: IBM Mainframe Discussion List on behalf of
Rugen, Len
Sent: Saturday, December 8, 2018 1:18 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Code vulnerability
I guess you could write assembler code entirely with
DCX
That's actually not crazy, and matches what Tripwire and friends do IIRC.
As opposed to a long-ago QA person who would compare each file from each
release and demand explanations for each new or changed file. Since this
was VM and the products included source code, the conversation would go
like
On Sat, 8 Dec 2018, at 19:28, Paul Gilmartin wrote:
> "ZAP" is a key word. How does one guarantee that any program in any language
> hasn't been ZAPped after passing audit?
Twenty years or so ago the bank I worked at ran an audit tool which stored
a hash or checksum of every loadmodule, and
On Sat, 8 Dec 2018 21:09:42 +0200, Binyamin Dissen
wrote:
>I don't believe this tool would be appropriate for the OP as it detects system
>objects (for the lack of a better term) that allow inappropriate privilege
>elevation or storage access. Application code would not benefit from this
>tool.
On Sat, 8 Dec 2018 18:18:04 +, Rugen, Len wrote:
>I guess you could write assembler code entirely with
> DCX'.'
>
Don't do that!
RLDs? Location independent code?
>Then use ZAP to maintain it :-)
>
"ZAP" is a key word. How does one guarantee that any program in any
ember 7, 2018 4:39 PM
:>To: IBM-MAIN@LISTSERV.UA.EDU
:>Subject: Re: Code vulnerability
:>
:>I currently work for Micro Focus, and we have the "Fortify" product line. I
am NOT in that group, however, and I really don't know if it does what you are
looking for or not - althou
I guess you could write assembler code entirely with
DCX'.'
Then use ZAP to maintain it :-)
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the
-MAIN@LISTSERV.UA.EDU
Subject: Re: Code vulnerability
I currently work for Micro Focus, and we have the "Fortify" product line. I am
NOT in that group, however, and I really don't know if it does what you are
looking for or not - although I know it does have support for scanning
mainf
As another candidate, AppScan Source supports COBOL, but I'm not sure about
Assembler. That's quite technically tricky.
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z &
IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Steve Smith
> Sent: Friday, December 07, 2018 2:14 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Code vulnerability
>
> Depends on what kind of vulnerability you're looking for. z/OS itself isn'
: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
> On Behalf Of scott Ford
> Sent: Friday, December 7, 2018 10:04 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Code vulnerability
>
> All,
>
> We write in Enterprise Cobol and HLASM and had a reseller
frame Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of scott Ford
> Sent: Friday, December 7, 2018 10:04 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Code vulnerability
>
> All,
>
> We write in Enterprise Cobol and HLASM and had a reseller ask us if we
> scanned o
Ray Overby at Key Resources, Inc.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of scott Ford
Sent: Friday, December 7, 2018 10:04 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Code vulnerability
All,
We write in Enterprise
Scott,
Unless your code runs authorized, is an SVC or a PC I don't think it can
cause vulnerabilities that threaten your system. The system does a pretty
good job of isolating problem state code such that it will not cause
problems.
Lou
--
Artificial Intelligence is no match for Natural
IBM has a tool called ADDI and I believe Compuware might have one as well.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of scott Ford
Sent: Friday, December 07, 2018 1:04 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Code vulnerability
All,
We write in Enterprise Cobol and HLASM and had a reseller ask us if we
scanned our Cobol code and HLASM code for vulnerabilities. Does software
for this exist? I know according to one of our people SonarQube can do
Cobol scans, but is expensive, like $5.
Has anyone heard on any